Classification and analysis of vulnerabilities of modern information systems from classical and quantum attacks

IF 0.2 Q4 ENGINEERING, ELECTRICAL & ELECTRONIC Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia Pub Date : 2022-12-30 DOI:10.30837/rt.2022.4.211.01
Ye. V. Ostrianska, S.O. Kandiy, I. Gorbenko, M. Yesina
{"title":"Classification and analysis of vulnerabilities of modern information systems from classical and quantum attacks","authors":"Ye. V. Ostrianska, S.O. Kandiy, I. Gorbenko, M. Yesina","doi":"10.30837/rt.2022.4.211.01","DOIUrl":null,"url":null,"abstract":"Recent advances in quantum technology and the potential that practical quantum computers may become a reality in the future have led to renewed interest in developing cryptographic technologies that are secure against conventional and quantum attacks. Currently, virtually all asymmetric cryptographic schemes in use are threatened by the potential development of powerful quantum computers. Post-quantum cryptography is one of main the ways to combat this threat. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently, even with the help of quantum computers. The security of information systems is ensured through protection against various threats that use system vulnerabilities. Security protocols are the building blocks of secure communication. They implement security mechanisms to provide security services. Security protocols are considered abstract when analyzed, but may have additional vulnerabilities in implementation. This work contains a holistic study of security protocols. Basics of security protocols, taxonomy of attacks on security protocols and their implementation are considered, as well as various methods and models of protocol security analysis. In particular, the differences between information-theoretic and computational security, computational and symbolic models are specified. In addition, an overview of the computational security models for Authenticated Key Exchange (AKE) and Password Authentication Key Exchange (PAKE) protocols is provided. The most important security models for the AKE and PAKE protocols were also described. With the emergence of new technologies that may have different security requirements, as well as with increased opportunities for competition, there is always a need to develop new protocols. Thus, the purpose of this article is to review, classify, analyze, and research the vulnerabilities of information systems from classical, quantum, and special attacks, performed taking into account the forecast regarding the possibilities of attacks on post-quantum cryptographic transformations; studying security assessment models for existing cryptographic protocols, as well as reviewing and benchmarking security models and providing suggestions for protection against existing potential attacks.","PeriodicalId":41675,"journal":{"name":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","volume":null,"pages":null},"PeriodicalIF":0.2000,"publicationDate":"2022-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30837/rt.2022.4.211.01","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

Recent advances in quantum technology and the potential that practical quantum computers may become a reality in the future have led to renewed interest in developing cryptographic technologies that are secure against conventional and quantum attacks. Currently, virtually all asymmetric cryptographic schemes in use are threatened by the potential development of powerful quantum computers. Post-quantum cryptography is one of main the ways to combat this threat. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently, even with the help of quantum computers. The security of information systems is ensured through protection against various threats that use system vulnerabilities. Security protocols are the building blocks of secure communication. They implement security mechanisms to provide security services. Security protocols are considered abstract when analyzed, but may have additional vulnerabilities in implementation. This work contains a holistic study of security protocols. Basics of security protocols, taxonomy of attacks on security protocols and their implementation are considered, as well as various methods and models of protocol security analysis. In particular, the differences between information-theoretic and computational security, computational and symbolic models are specified. In addition, an overview of the computational security models for Authenticated Key Exchange (AKE) and Password Authentication Key Exchange (PAKE) protocols is provided. The most important security models for the AKE and PAKE protocols were also described. With the emergence of new technologies that may have different security requirements, as well as with increased opportunities for competition, there is always a need to develop new protocols. Thus, the purpose of this article is to review, classify, analyze, and research the vulnerabilities of information systems from classical, quantum, and special attacks, performed taking into account the forecast regarding the possibilities of attacks on post-quantum cryptographic transformations; studying security assessment models for existing cryptographic protocols, as well as reviewing and benchmarking security models and providing suggestions for protection against existing potential attacks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
现代信息系统在经典攻击和量子攻击中的漏洞分类与分析
量子技术的最新进展以及实用量子计算机在未来可能成为现实的潜力,使人们对开发能够抵御传统和量子攻击的加密技术重新产生了兴趣。目前,几乎所有正在使用的非对称加密方案都受到强大量子计算机潜在发展的威胁。后量子密码学是对抗这种威胁的主要方法之一。它的安全性基于数学问题的复杂性,这些问题目前被认为是无法有效解决的,即使有量子计算机的帮助。通过防范利用系统漏洞的各种威胁,确保信息系统的安全。安全协议是安全通信的基石。它们实现安全机制以提供安全服务。安全协议在分析时被认为是抽象的,但在实现时可能有额外的漏洞。这项工作包含了对安全协议的全面研究。介绍了安全协议的基础知识,安全协议攻击的分类及其实现,以及协议安全分析的各种方法和模型。特别指出了信息理论和计算安全、计算模型和符号模型之间的区别。此外,还概述了认证密钥交换(AKE)和密码认证密钥交换(PAKE)协议的计算安全模型。对AKE和PAKE协议最重要的安全模型也进行了描述。随着可能具有不同安全需求的新技术的出现,以及竞争机会的增加,总是需要开发新的协议。因此,本文的目的是回顾、分类、分析和研究信息系统在经典攻击、量子攻击和特殊攻击中的漏洞,并考虑到对后量子密码转换攻击可能性的预测;研究现有加密协议的安全评估模型,审查和对安全模型进行基准测试,并提供针对现有潜在攻击的保护建议。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia ENGINEERING, ELECTRICAL & ELECTRONIC-
自引率
33.30%
发文量
0
期刊最新文献
Combined heat conductive boards with polyimide dielectrics Synthesis and analysis of the trace detector of air objects of an interrogating radar system Creating a call center test bench for load balancing Asterisk servers in a cluster Current state and development trends of class E oscillators: an overview Experimental studies of a lidar emitter built according to the oscillator-amplifier scheme
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1